Form Security (discussion)

Posted by Eray Alakese on Stack Overflow See other posts from Stack Overflow or by Eray Alakese
Published on 2011-01-17T02:32:05Z Indexed on 2011/01/17 2:53 UTC
Read the original article Hit count: 241

Filed under:
|
|
|

I'm asking for brain storming and sharing experience.

Which method you are using for form submiting security ?

For example , for block automatically sended POST or GET datas, i'm using this method :

// Generating random string
<?php $hidden = substr(md5(microtime()) ,"-5"); ?>

<form action="post.php" ....
// assing this random string to a hidden input
<input type="hidden" value="<?php echo $hidden;" name="secCode>

// and then put this random string to a session variable
$_SESSION["secCode"] = $hidden;

**post.php**
if ($_POST["secCode"] != $_SESSION["secCode"])
{
     die("You have to send this form, on our web site");
}

© Stack Overflow or respective owner

Related posts about php

Related posts about security